CVE-2020-16875: Microsoft Exchange Server Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.4)

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Sep

Released

2020-09-08

Last Updated

2020-09-08

EPSS Score

86.82% (percentile: 99.4%)

Description

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised. The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.

Detection & Weaponization (1 sources)

Maturity: Exploit

• Metasploit modules: Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE

Affected Products (4)

Other

• 11788
• 11789
• 11790
• 11791

Security Updates (4)

• 4577352
• 4577352
• 4577352
• 4577352

Acknowledgments

Steven Seeley (mr_me) of <a href="https://srcincite.io/">Source Incite</a>

Revision History

• 2020-09-08: Information published.
• 2020-09-08: Updated vulnerability description.